Solaris installations can be automated via a process called jumpstart. Jumpstart servers are composed of serveral pieces that work in concert to identify, boot, and install the selected operating system onto a host computer. While the configuration of the nessecary pieces is documented (not well); the process is tedious. If certain critical configurtaion details are not done correctly, the Jumpstart service will break in mysterious ways. Furthoremore; either DHCP or rarp/bootparam services may be used to supply the required data to the client. Each of these has pros and cons. This document details the nessecary pieces and the configuration of those pieces. Where availible the Sun documents will be referenced.

The custom jumpstart infrastucture is composed of 4 major components, which may reside on seperate servers: 1) name services, including NIS/YP services; 2) the boot server; 3) the install server; 4) the profile server. If you are setting up jumpstart services for a 'flat', non-routed IP network, then all of these components may be placed onto 1 server. The naming and boot services utilize broadcast mechanisims, so they must be availible to all networks on which a jumpstart will be performed. This may be done by using multihomed servers or multiple servers.

In general, the network boot process will several protocols to accomplish the task of identifying the host type and loading the proper operating system image. Either DHCP or RARP/BOOTPARAMS will be used to obtain the host IP address and the location of the boot files. TFTP is used to load the specified operating system. Both DNS and NIS will be used to map server names for use with NFS. NIS will supply timezone/locale/services/ etc mapping. Each of these servcies must be defined in NIS or by using the appropriate entries in a sysidcfg file (which can be delivered via the network).

Several basic network services must be in place before attempting to perform net-loads. These include nameservices and time/date servers. You can perform jumpstarts without NIS/YP. It is almost impossible to manage a fully automatic hands-off install without it, because of the number of configuration parameters the client needs. It is recommended to setup a ypserver on the boot/install server.

• Time/Date - The boot client uses rdate(1) to obtain the current (approximatly) time and date from a predefined host called timeserver. There are 2 methods the of providing the time server IP to the client: 1) from a standard name service, typically NIS; or 2) from the sysidcfg file found via the network (or local to the client via tape or floppy disc). You will need the time service enabled in /etc/inetd.conf on the designated host. NOTE: if you specify timeserver=localhost in the sysidcfg file, the client will use it's local TOD clock; thus, eliminating the need for a network time source (at least as far as jumpstart is concerned)
• NIS - The following parameters will be provided by NIS: locale, timezone, hostname, and netmask. In a standard NIS configuration all but the locale and timezone maps are provided. So you will need to create the source files for them. Additionally, you will need to add provisions for building the locale.byname map into /var/yp/Makefile. The entries in the locale source map domain name into locale name:

            xylan.com               C               # the head office
            ind.alcatel.com         C
            corp.xylan.com          C
            test-net.xylan.com      C
            cs.xylan.com            C
          

  Where the domain name is both the ypdomain and the DNS domain. (actually, I've never figured out which, so I include both....) The entries in the timezone source map timezone-name (from /usr/share/lib/zoneinfo) into domain name:

            US/Pacific xylan.com            # the head office
            US/Pacific ind.alcatel.com
            US/Pacific corp.xylan.com
            US/Pacific test-net.xylan.com
            US/Pacific cs.xylan.com
          

  Again, the domain name is both the ypdomain and the DNS domain. (see above...)

The initial phase of network booting starts with host identification and boot parameter download. As stated before this can be supplied by 1 of 2 methods. Initially you can use the -b flag with the setup_install_server utility to create the boot configuration.

1. RARPD and BOOTPARAMS configuration. Note: in the AIND network network configuration, we are using group mobility to direct packet with Sun OUIs to the boot server on one specific VLAN. The RARP server verifies the assigned IP address with the network that the packet is recieved on, this check will fail in our group mobile environment. We have a special rarp server that will: 1) scan all of the interfaces for a valid network; 2) ignore the inbound interface check to determine the request validity; 3) and finally pass the response back out the interface that the request was received on.
   • Configure rarpd to use the local /etc/ethers file over the NIS map, by using the following entry in /etc/nsswitch.conf:

                 ethers: files nis
               

   • Enable tftp in /etc/inetd.conf using the following entry:

                 tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot
               

   • Niether the tftp server nor the rarpd server will start if the NFS server is not enabled and the /tftpboot directory does not exsist. So you need to create the /tftpboot directory (and /rplboot if this server will support x86 clients):

                 mkdir /tftpboot /rplboot
                 chown root:other /tftpboot /rplboot
                 chmod 775 /tftpboot /rplboot
                 cd /tftpboot
                 ln -s tftpboot .
               

   • The add_client procedure will populate /tftpboot (and /rplboot) with the appropriate boot images, and the boot file details will be installed into /etc/bootparams database. The entries placed into /etc/bootparams will be insufficiant to provide the profile server path data. So you must put the following at the head of /etc/bootparams:

                 * install_config=<SERVER1>:/<JSPATH> sysid_config=<SERVER2>:/<PROFILE>
               

     Where <SERVER1> is the hostname of the jumpstart configuration server, <JSPATH> is the directory where the jumpstart configuration files are located, <SERVER2> is the hostname of the sysidcfg profile server, and <PROFILE> is the directory where the default sysidcfg is located.
2. DHCP configuration using ISC dhcp version 3.

Client configuration data is maintained groups called profiles. These profiles are used during the installation process to determine the network configuration and other basic client configuration.

If you are using the RARP/BOOTPARAMS method to boot the install clients, you will use the general add_client routine located in booty:/export/jumpstart/Tools to add the specific entries on the server, to install the client. This general routine calls the OS specific add_install_client() functions that are found within the OS .../Tools/Boot directories. Initially the jumpstart server only serviced Sun Solaris installs and the installation directories could be NFS exported read-only (as required by jumpstart^TM). We are now servicing Linux, FreeBSD, and Solaris installations from this server, this requires that some of the installation directories be exported read-write to specific clients. The Sun supplied add_install_client() verifies that the installation directories are exclusively exported read-only, anon=0. This is broken!

The add_install_client() routines MUST be modified to NOT export the installation directories (this is done when the install server boots). The export_fs() call is the generic function that is used to verify and export NFS directories, it should not be modified; rather the calls to this function should be removed (commented out) for the following directory exports: $PRODUCT_SERVER and $IMAGE_PATH. These add_install_client() script uses these variables to hold the installation directory names. In the current Solaris 8 add_install_client() script (12-Jan-2005), lines 2045-2048 should be commented out. These lines are within the context of:

fi

#
# Add the boot image directory and the products directory (if local)
# to the exports file.
#
#if [ "${PRODUCT_SERVER}" = "${SUBNET_NAME}" ]; then
#       export_fs $PRODUCT_PATH
#fi
#export_fs $IMAGE_PATH

# CLEAN file is used so rm_install_client can undo (most of) the setup
if [ "X$CLIENT_TYPE" = "XDHCP" ] ; then
    

Ideally, this file should be under revision control.

Sometime around the 4/04 release of Solaris 9, the physical layout of the CD media changed. This change moved the .../Boot directory, which was physically on slice 0, to slice 1. This affects the execution of setup_install_server. During the setup_install_server execution the boot server's .../Solaris_9/Tools/Boot directory is populated from the .../Solaris_9/Tools/Boot directory of the CD media, which is no longer availible. Sun has acknowleged this problem and has provided a manual workaround via SRD 72332, which addresses the CD media mount point issues when vold is NOT running. It should be noted that even when vold is running, the CD media may not mount correctly; thus, slice 1 will not be availible to setup_install_server. The workaround is thus:

• Kill vold, if it is running.
• Mount slice 0 of the installation media, via mount -F hsfs -o ro /dev/dsk/c0t6d0s0 /mnt.
• Create the slice 1 mountpoint /s1.
• Mount slice 1 of the installation media, via mount -o ro /dev/dsk/c0t6d0s1 /s1.
• The setup_install_server command will now run correctly.
• After setup_install_server completes you must un-mount both slices before ejecting the CD media.

During the course of jumpstart configuration and debug you will find it helpful to understand the execution flow. After the initial loader is obtained via tftp the following programs/scripts are executed. Note: most of the execs are located in /export/install/2.x/Solaris_x/Tools/Boot/sbin

1. /etc/init reads .../Boot/etc/inittab
2. .../Boot/sbin/startup is called by init. (indicated by "Searching for configuration file(s)")
   • .../Boot/sbin/sysidfind - called by startup

     This looks for a sysidcfg file using the following search order: floppy (PCFS then UFS), Network (bootprarms or DHCP), and finally TAPE.

   • .../Boot/sbin/getLocale - called by startup

     This actually calls .../Boot/sbin/sysidnet -l -y, which obtains the locale information from the net.

   • Configre any installed frame buffers.
   • .../Boot/sbin/sysidconfig - called by startup

     called by startup

3. .../Boot/sbin/startinstall exec'ed by startup. determines if a window session can/will be run.
• .../Boot/sbin/mem - called by startinstall

  Shuts down GUI based install if less than 32MBytes of RAM are present.

4. .../Boot/sbin/sysconfig - called by startinstall

   This file has been modified to allow a hands off headless install. The following lines are added before the si_single_unlock() function definition:

   	     TERM=vt100
   	     export TERM
   	     SYSID_MULTI=-m
   	     LANG=C
   	     export LANG
             

• .../Boot/sbin/sysidtool - called by sysconfig ( >= Sol 9)
  • .../Boot/sbin/sysidnet -y -m - called by sysidtool (or sysconfig in <= Sol 8)

    This gathers: locale, console type, host name, and IP address information from a variety of sources. At this point we are really only going for the console type. If the TERM type is undefined, we go interactive.

  • .../Boot/sbin/sysidkrb5 -m - called by sysidtool (or sysconfig in <= Sol 8)

    This looks for a security policy from the sysidcfg file (located previously). If no policy is found (ie security_policy=xxx in sysidcfg) then we go interactive to obtain it.

  • .../Boot/sbin/sysidns -y - called by sysidtool (or sysconfig in <= Sol 8)

    This obtains the nameservice data: service type (NIS, DNS, etc..); domain name; server hostname/IP.

  • .../Boot/sbin/sysidsys - called by sysidtool (or sysconfig in <= Sol 8)

    This obtains Timezone and Date/Time. The timezone data will come from either sysidcfg or NIS. The date and time will be obtained via the timeserver using rdate. The timeserver can be defined in sysidcfg or the nameservice selected by sysidns.

• .../Boot/etc/default/init - sourced by sysconfig
• ifconfig -auD netmask + broadcast + - reset params based on NIS findings.
• .../Boot/usr/sbin/install.d/parse_dynamic_clustertoc - called by sysconfig
• .../Boot/sbin/suninstall - called by sysconfig
  • .../Boot/usr/sbin/useradd >/dev/null 2>&1 - called by suninstall (or sysconfig in <= Sol 8)

    Tests for / mounted with root access, relies on useradd mode 500 and errno 2 for bad args.

  • /cdrom/.bbi/bin/smi_install.sh - called if CDROM, to start SMI Install Browser.
  • .../Boot/usr/sbin/install.d/profind - called to locate the profile.
  • validate_and_chkprobe - subroutine to validate version and process rules.ok file. This is where the machine components are probed out and resolved against any install rules from rules.ok. You could expect any number of failures here, depending on the state of the hardware. The most common would be related to not probing a hard disk (On ANY error that is even remotely disk related, you should try probing the hardware from the boot ROM. (Via probe-scsi-all or probe-ide)
    • Checking rules.ok file... - calls .../Boot/usr/sbin/install.d/chkprobe
      • Loading user defined probe and match routines.... - iff ${SI_CONFIG_DIR}/${SI_CUSTOM_PROBES_FILE} found, this would be /export/jumpstart/profiles/.... These are extensions to the profile keywords that are used in the rules.ok file.
      • Using begin script: ${SI_BEGIN}" - have read and parsed begin script from rules.ok
      • Using derived profile: ${SI_BEGIN}" - have read and parsed derived profile from rules.ok OtherwiseUsing profile: ${SI_CLASS}
      • Using finish script: ${SI_FINISH}" - have read and parsed finish script from rules.ok
    • may call retrive_support_scripts iff - _INIT_NET_STRATEGY is dhcp or manual.
  • IF NO MATCHING RULE IS FOUND - set SI_INSTALL_APP = jumpstart, and enter interactive install.
  • Executing JumpStart preinstall phase... - calls process-preinstall subroutine.
    • Executing begin script ${SI_BEGIN}... - /sbin/sh ${SI_CONFIG_DIR}/${SI_BEGIN}.
  • Executing SolStart preinstall phase... - maybe called, iff SI_INSTALL_APP!=jumpstart AND no profile is set.
    • Searching for SolStart directory...
    • validate_and_chkprobe - as above.
    • Executing SolStart preinstall phase...
    • call process-preinstall subroutine.
  • Perform the actual installation based on I/O method and wether interactive mode set.
    • .../Boot/usr/sbin/install.d/pfinstall - called for non-interactive jumpstart
    • installtool - called for interactive GUI install
    • .../Boot/usr/sbin/ttinstall - called for terminal based interactive install
  • Executing SolStart postinstall phase... - maybe called, iff SI_INSTALL_APP!=jumpstart
    • calls process_postinstall subroutine.
  • Executing JumpStart postinstall phase... - Calls process_postinstall to process the jumpstart finish script, see rules.ok
    • Executing finish script ${SI_FINISH}... - /sbin/sh ${SI_CONFIG_DIR}/${SI_FINISH}.
  • Move the begin and finish logs to /var/sadm/...
  • .../Boot/sbin/setupLauncher - called for interactive installs, starts Wizard
  • FINI - reboot